smartcard javacard pkcs#11 globalplatform opensc

How to interact with multiple javacard applications on the same physical smartcard (like yubikey)


I have installed the popular IsoApplet (https://github.com/philipWendland/IsoApplet) on my 2.2.2 javacard and have been able to use the pkcs11-tool and pkcs15-tool from the OpenSC project to generate private keys on the card and use them to authenticate to servers over SSH.

Separately, I was able to successfully use the challenge-response of my Yubikey 5 (https://www.yubico.com/products/services-software/personalization-tools/challenge-response/) in order to add security to unencrypting a KeepassXC database.

Now, I'd like to add https://github.com/arekinath/YkOtpApplet to the same javacard that has the IsoApplet. How do external applications interact with separate applications on the javacard? Can I have both of these apps on the same javacard? Are the limits just the storage on the card?

I have two cards available:

  • NXP JCOP3 J3H145 Java Card 3.0.4
  • JavaCOS A22 155K Java Card 2.2.2

Solution

  • Yes, you can have both apps in the same card and the only limit is the permanent storage on the card (unless one of the apps is not compatible with your card, for example if it requires some crypto functions not provided by the card OS).

    Each application has an identifier imaginatively named AID, "Application ID", assigned when the application is installed on the card. When an external system wants to interact with a card, the first command (called SELECT) selects the application it wants to talk to, using the AID as a parameter. Any subsequent command then is routed to that app, until the card is reset or a SELECT to a different app is received.
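
The SELECT routing described in the answer, as an added example that is not part of the original answer or of either applet's code: a small simulated card that routes commands to whichever applet was last selected. The AIDs, the `SimulatedCard` class, the `6999` status for "nothing selected" and the handler responses are constructed for illustration; only the SELECT header bytes (`00 A4 04 00`) follow ISO 7816-4.

```python
# Added example: simulation of SELECT-by-AID routing; no reader or card needed.
# Both AIDs are constructed placeholders, not the real AIDs of any applet.
PKI_AID = bytes.fromhex("F0000000010001")  # hypothetical PKI applet
OTP_AID = bytes.fromhex("F0000000010002")  # hypothetical OTP applet

SW_OK = b"\x90\x00"
SW_NOT_FOUND = b"\x6A\x82"      # ISO 7816-4: file or application not found
SW_NO_APPLET = b"\x69\x99"      # status used here when nothing is selected (assumption)


def build_select(aid: bytes) -> bytes:
    """ISO 7816-4 SELECT by DF name: CLA=00 INS=A4 P1=04 P2=00 Lc AID."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("an AID is 5 to 16 bytes long")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid


class SimulatedCard:
    """Toy card OS (simplified): routes each APDU to the selected applet."""

    def __init__(self):
        self.applets = {}     # AID -> handler(apdu) returning response bytes
        self.selected = None  # AID of the currently selected applet

    def install(self, aid, handler):
        self.applets[aid] = handler

    def reset(self):
        self.selected = None  # a card reset drops the current selection

    def transmit(self, apdu: bytes) -> bytes:
        if len(apdu) >= 5 and apdu[:4] == b"\x00\xA4\x04\x00":
            aid = apdu[5:5 + apdu[4]]
            if aid not in self.applets:
                return SW_NOT_FOUND  # simplification: selection is left unchanged
            self.selected = aid
            return SW_OK
        if self.selected is None:
            return SW_NO_APPLET
        return self.applets[self.selected](apdu)


def make_card() -> SimulatedCard:
    card = SimulatedCard()
    card.install(PKI_AID, lambda apdu: b"pki" + SW_OK)
    card.install(OTP_AID, lambda apdu: b"otp" + SW_OK)
    return card
```

The same command bytes get a different answer depending on which applet was selected last, which is why each host tool sends its own SELECT before anything else.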